From da4ca2080852949ed2aa7b946b55b0eede3764da Mon Sep 17 00:00:00 2001 From: Jannik Badenhop Date: Thu, 21 Nov 2024 13:09:50 +0000 Subject: [PATCH 01/20] downgrade moodle for upgrade testing --- moodle/Dockerfile | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/moodle/Dockerfile b/moodle/Dockerfile index a38d5c7..b568558 100644 --- a/moodle/Dockerfile +++ b/moodle/Dockerfile @@ -1,9 +1,9 @@ # This Dockerfile starts the entrypoint script to evaluate if a new moodle version exists and an update should be started. # Stage 1: Build stage -FROM bitnami/moodle:4.1.14-debian-12-r0 AS build +FROM bitnami/moodle:4.1.13-debian-12-r0 AS build USER root -ARG MOODLE_VERSION=${MOODLE_VERSION:-"4.1.14"} +ARG MOODLE_VERSION=${MOODLE_VERSION:-"4.1.13"} COPY scripts/install/downloadMoodle.sh /downloadMoodle.sh COPY scripts/install/downloadPlugins.sh /downloadPlugins.sh @@ -33,8 +33,8 @@ RUN mkdir /plugins && /downloadPlugins.sh # RUN /scripts/phpRedisInstall.sh # Stage 2: Production stage -FROM bitnami/moodle:4.1.14-debian-12-r0 -ARG MOODLE_VERSION=${MOODLE_VERSION:-"4.1.14"} +FROM bitnami/moodle:4.1.13-debian-12-r0 +ARG MOODLE_VERSION=${MOODLE_VERSION:-"4.1.13"} ARG DEBUG=${DEBUG:-false} RUN echo "de_DE.UTF-8 UTF-8" >> /etc/locale.gen && locale-gen From 8f6e6ff6429476ef3b98c5be7247c9b6eec2dcb4 Mon Sep 17 00:00:00 2001 From: Jannik Badenhop Date: Thu, 21 Nov 2024 15:41:52 +0000 Subject: [PATCH 02/20] rename scripts consistently --- .../dbp-moodle/scripts/moodleCronjobScript.sh | 28 ------------------- .../{moodleRestoreScript.sh => restore.sh} | 0 ...e-preparation.sh => update-preparation.sh} | 16 ++++++++--- .../moodle-update-preparation-job.yaml | 6 ++-- .../configmaps/moodle-cronjob-configmap.yaml | 2 +- .../moodle-restore-script-configmap.yaml | 2 +- ...dle-update-preparation-hook-configmap.yaml | 2 +- 7 files changed, 18 insertions(+), 38 deletions(-) delete mode 100644 charts/dbp-moodle/scripts/moodleCronjobScript.sh rename charts/dbp-moodle/scripts/{moodleRestoreScript.sh => restore.sh} (100%) rename charts/dbp-moodle/scripts/{hook/moodle-update-preparation.sh => update-preparation.sh} (65%) diff --git a/charts/dbp-moodle/scripts/moodleCronjobScript.sh b/charts/dbp-moodle/scripts/moodleCronjobScript.sh deleted file mode 100644 index 782f1ed..0000000 --- a/charts/dbp-moodle/scripts/moodleCronjobScript.sh +++ /dev/null @@ -1,28 +0,0 @@ -#!/bin/bash -set -e - -health_file="/tmp/healthy" - -# Create liveness probe file -touch "${health_file}" - -function clean_up() { - exit_code=$? - if [ $exit_code -eq 0 ]; then - echo "Command '/opt/bitnami/php/bin/php ./bitnami/moodle/admin/cli/cron.php' has been run on pod [${moodle_pod}]!" - exit $exit_code - else - echo "An error occurred. Deleting health file: ${health_file}" - rm -f "${health_file}" - exit $exit_code - fi -} - -trap "clean_up" EXIT - -moodle_pod=$(kubectl -n {{ .Release.Namespace }} get pods -l app.kubernetes.io/name=moodle -o jsonpath='{.items[0].metadata.name}') - -echo "Waiting for pod [${moodle_pod}] to be ready..." -kubectl -n "{{ .Release.Namespace }}" wait --for=condition=Ready pod/"${moodle_pod}" --timeout={{ .Values.dbpMoodle.moodlecronjob.wait_timeout }} -echo "Executing command in pod: ${moodle_pod}" -kubectl exec -n {{ .Release.Namespace }} "${moodle_pod}" -- /opt/bitnami/php/bin/php ./bitnami/moodle/admin/cli/cron.php diff --git a/charts/dbp-moodle/scripts/moodleRestoreScript.sh b/charts/dbp-moodle/scripts/restore.sh similarity index 100% rename from charts/dbp-moodle/scripts/moodleRestoreScript.sh rename to charts/dbp-moodle/scripts/restore.sh diff --git a/charts/dbp-moodle/scripts/hook/moodle-update-preparation.sh b/charts/dbp-moodle/scripts/update-preparation.sh similarity index 65% rename from charts/dbp-moodle/scripts/hook/moodle-update-preparation.sh rename to charts/dbp-moodle/scripts/update-preparation.sh index 60be4db..cd65bab 100644 --- a/charts/dbp-moodle/scripts/hook/moodle-update-preparation.sh +++ b/charts/dbp-moodle/scripts/update-preparation.sh @@ -6,8 +6,14 @@ set -o pipefail health_file="/tmp/healthy" +# Deployment has "-moodle" appended if the Release.Name does not contain "moodle" +deployment_name="{{ .Release.Name }}" +if [[ "$deployment_name" != "moodle" && "$deployment_name" != *"moodle"* ]]; then + deployment_name="${deployment_name}-moodle" +fi + get_current_deployment_image() { - kubectl get "deploy/{{ .Release.Name }}" -n "{{ .Release.Namespace }}" -o jsonpath='{..image}' |\ + kubectl get "deploy/${deployment_name}" -n "{{ .Release.Namespace }}" -o jsonpath='{..image}' |\ tr -s '[:space:]' '\n' |\ grep '{{- .Values.moodle.image.repository -}}' } @@ -30,14 +36,16 @@ printf 'Image change detected\n' printf 'Disabling regular cronjob to prevent failing runs\n' kubectl patch cronjobs "{{ .Release.Name }}"-moodlecronjob-"{{ include "moodlecronjob.job_name" . }}" -n "{{ .Release.Namespace }}" -p '{"spec" : {"suspend" : true }}' -printf 'Scaling deployment "{{ .Release.Name }}" to 0 replicas\n' -kubectl patch "deploy/{{ .Release.Name }}" -n "{{ .Release.Namespace }}" -p '{"spec":{"replicas": 0}}' +printf 'Scaling deployment "%s" to 0 replicas\n' "$deployment_name" +kubectl patch "deploy/${deployment_name}" -n "{{ .Release.Namespace }}" -p '{"spec":{"replicas": 0}}' {{ if .Values.dbpMoodle.backup.enabled }} if [ "$BACKUP_ENABLED" = true ]; then printf 'Starting pre-update backup\n' - kubectl create job moodle-pre-update-backup-job -n "{{ .Release.Namespace }}" --from=cronjob.batch/moodle-backup-cronjob-backup + kubectl create job moodle-pre-update-backup-job -n "{{ .Release.Namespace }}" --from="cronjob.batch/{{ include "backup-cronjob.job_name" . }}" printf 'Waiting for backup to finish...\n' kubectl wait --for=condition=complete --timeout=10m job/moodle-pre-update-backup-job fi {{ end }} + +printf 'Preparations completed successfully, exting...' \ No newline at end of file diff --git a/charts/dbp-moodle/templates/chart-hooks/moodle-update-preparation-job.yaml b/charts/dbp-moodle/templates/chart-hooks/moodle-update-preparation-job.yaml index 851a872..7a6ddcf 100644 --- a/charts/dbp-moodle/templates/chart-hooks/moodle-update-preparation-job.yaml +++ b/charts/dbp-moodle/templates/chart-hooks/moodle-update-preparation-job.yaml @@ -15,15 +15,15 @@ spec: image: {{ .Values.dbpMoodle.moodleUpdatePreparationJob.kubectlImage }} securityContext: privileged: false - command: ["/bin/bash", "/moodle-update-preparation.sh"] + command: ["/bin/bash", "/update-preparation.sh"] resources: {{ .Values.dbpMoodle.moodleUpdatePreparationJob.resources | toYaml }} env: - name: BACKUP_ENABLED value: '{{ .Values.dbpMoodle.backup.enabled }}' volumeMounts: - name: script-volume - mountPath: /moodle-update-preparation.sh - subPath: moodle-update-preparation.sh + mountPath: /update-preparation.sh + subPath: update-preparation.sh livenessProbe: exec: command: diff --git a/charts/dbp-moodle/templates/configmaps/moodle-cronjob-configmap.yaml b/charts/dbp-moodle/templates/configmaps/moodle-cronjob-configmap.yaml index b58063b..9fa23db 100644 --- a/charts/dbp-moodle/templates/configmaps/moodle-cronjob-configmap.yaml +++ b/charts/dbp-moodle/templates/configmaps/moodle-cronjob-configmap.yaml @@ -5,4 +5,4 @@ metadata: namespace: {{ .Release.Namespace }} data: cronjob-script: |- -{{ tpl ( .Files.Get "scripts/moodleCronjobScript.sh" ) . | nindent 4 }} \ No newline at end of file +{{ tpl ( .Files.Get "scripts/cronjob.sh" ) . | nindent 4 }} \ No newline at end of file diff --git a/charts/dbp-moodle/templates/configmaps/moodle-restore-script-configmap.yaml b/charts/dbp-moodle/templates/configmaps/moodle-restore-script-configmap.yaml index 42e9e63..5a90817 100644 --- a/charts/dbp-moodle/templates/configmaps/moodle-restore-script-configmap.yaml +++ b/charts/dbp-moodle/templates/configmaps/moodle-restore-script-configmap.yaml @@ -10,5 +10,5 @@ metadata: "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded,hook-failed data: restore-script: |- -{{- tpl ( .Files.Get "scripts/moodleRestoreScript.sh" ) . | nindent 4 -}} +{{- tpl ( .Files.Get "scripts/restore.sh" ) . | nindent 4 -}} {{- end }} \ No newline at end of file diff --git a/charts/dbp-moodle/templates/configmaps/moodle-update-preparation-hook-configmap.yaml b/charts/dbp-moodle/templates/configmaps/moodle-update-preparation-hook-configmap.yaml index b4873db..806c734 100644 --- a/charts/dbp-moodle/templates/configmaps/moodle-update-preparation-hook-configmap.yaml +++ b/charts/dbp-moodle/templates/configmaps/moodle-update-preparation-hook-configmap.yaml @@ -9,5 +9,5 @@ metadata: "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded,hook-failed data: moodle-update-preparation.sh: |- -{{ tpl ( .Files.Get "scripts/hook/moodle-update-preparation.sh" ) . | nindent 4 }} +{{ tpl ( .Files.Get "scripts/update-preparation.sh" ) . | nindent 4 }} {{ end }} \ No newline at end of file From bcf3dbc44c13cb9bb15bc9721a383496c2cb0360 Mon Sep 17 00:00:00 2001 From: Jannik Badenhop Date: Thu, 21 Nov 2024 15:42:53 +0000 Subject: [PATCH 03/20] change operation to "replace" (from "add") when restoring moodle probes, so that there is only one probe --- charts/dbp-moodle/scripts/backup.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/charts/dbp-moodle/scripts/backup.sh b/charts/dbp-moodle/scripts/backup.sh index df5614e..29f8d40 100644 --- a/charts/dbp-moodle/scripts/backup.sh +++ b/charts/dbp-moodle/scripts/backup.sh @@ -54,12 +54,12 @@ function clean_up() { # Careful, format the string with tabs only! restore_probe_patch=$(cat <<-EOF [{ - "op": "add", + "op": "replace", "path": "/spec/template/spec/containers/0/readinessProbe", "value": $(cat ${readiness_bckp}) }, { - "op": "add", + "op": "replace", "path": "/spec/template/spec/containers/0/livenessProbe", "value": $(cat ${liveness_bckp}) }] From de40b0380e999d7cc52cd2743f49881afcb25134 Mon Sep 17 00:00:00 2001 From: Jannik Badenhop Date: Thu, 21 Nov 2024 15:45:44 +0000 Subject: [PATCH 04/20] change var release_name to more appropriate deployment_name --- charts/dbp-moodle/scripts/backup.sh | 16 ++++++++-------- charts/dbp-moodle/scripts/restore.sh | 14 +++++++------- 2 files changed, 15 insertions(+), 15 deletions(-) diff --git a/charts/dbp-moodle/scripts/backup.sh b/charts/dbp-moodle/scripts/backup.sh index 29f8d40..6d400e8 100644 --- a/charts/dbp-moodle/scripts/backup.sh +++ b/charts/dbp-moodle/scripts/backup.sh @@ -65,7 +65,7 @@ function clean_up() { }] EOF ) - kubectl patch "deployment/${release_name}" -n "{{ .Release.Namespace }}" --type=json -p="$restore_probe_patch" + kubectl patch "deployment/${deployment_name}" -n "{{ .Release.Namespace }}" --type=json -p="$restore_probe_patch" else echo "Unable to turn on liveness and readiness probes. Either the readiness_bckp or the liveness_bckp does not exist or is empty." fi @@ -92,9 +92,9 @@ trap "clean_up" EXIT touch "${health_file}" # Deployment has "-moodle" appended if the Release.Name does not contain "moodle" -release_name="{{ .Release.Name }}" -if [[ $release_name != "moodle" && $release_name != *"moodle"* ]]; then - release_name="${release_name}-moodle" +deployment_name="{{ .Release.Name }}" +if [[ $deployment_name != "moodle" && $deployment_name != *"moodle"* ]]; then + deployment_name="${deployment_name}-moodle" fi # Create destination dir if not exists @@ -109,11 +109,11 @@ if ! [ -a /mountData/moodledata/CliUpdate ]; then kubectl patch cronjobs "{{ .Release.Name }}-moodlecronjob-{{ include "moodlecronjob.job_name" . }}" -n "{{ .Release.Namespace }}" -p '{"spec" : {"suspend" : true }}' echo "=== Turn off liveness and readiness probe ===" - kubectl get "deployment/${release_name}" -n "{{ .Release.Namespace }}" -o jsonpath="{.spec.template.spec.containers[0].readinessProbe}" > ${readiness_bckp} - kubectl get "deployment/${release_name}" -n "{{ .Release.Namespace }}" -o jsonpath="{.spec.template.spec.containers[0].livenessProbe}" > ${liveness_bckp} - kubectl patch "deployment/${release_name}" -n "{{ .Release.Namespace }}" --type=json -p="$dummy_probe_patch" + kubectl get "deployment/${deployment_name}" -n "{{ .Release.Namespace }}" -o jsonpath="{.spec.template.spec.containers[0].readinessProbe}" > ${readiness_bckp} + kubectl get "deployment/${deployment_name}" -n "{{ .Release.Namespace }}" -o jsonpath="{.spec.template.spec.containers[0].livenessProbe}" > ${liveness_bckp} + kubectl patch "deployment/${deployment_name}" -n "{{ .Release.Namespace }}" --type=json -p="$dummy_probe_patch" - kubectl rollout status "deployment/${release_name}" -n "{{ .Release.Namespace }}" + kubectl rollout status "deployment/${deployment_name}" -n "{{ .Release.Namespace }}" # Wait for running jobs to finish to avoid errors echo "=== Waiting for jobs to finish ===" diff --git a/charts/dbp-moodle/scripts/restore.sh b/charts/dbp-moodle/scripts/restore.sh index 2c71c69..9bd0160 100644 --- a/charts/dbp-moodle/scripts/restore.sh +++ b/charts/dbp-moodle/scripts/restore.sh @@ -21,19 +21,19 @@ health_file="/tmp/healthy" touch "${health_file}" # Deployment has "-moodle" appended if the Release.Name does not contain "moodle" -release_name="{{ .Release.Name }}" -if [[ "$release_name" != "moodle" && "$release_name" != *"moodle"* ]]; then - release_name="${release_name}-moodle" +deployment_name="{{ .Release.Name }}" +if [[ "$deployment_name" != "moodle" && "$deployment_name" != *"moodle"* ]]; then + deployment_name="${deployment_name}-moodle" fi # Get current replicas and scale down deployment -replicas=$(kubectl get "deployment/${release_name}" -n {{ .Release.Namespace }} -o=jsonpath='{.status.replicas}') +replicas=$(kubectl get "deployment/${deployment_name}" -n {{ .Release.Namespace }} -o=jsonpath='{.status.replicas}') echo "=== Current replicas detected: $replicas ===" if [ -z "$replicas" ] || [ "$replicas" -eq 0 ]; then replicas=1 fi echo "=== Scale moodle deployment to 0 replicas for restore operation ===" -kubectl scale "deployment/${release_name}" --replicas=0 -n {{ .Release.Namespace }} +kubectl scale "deployment/${deployment_name}" --replicas=0 -n {{ .Release.Namespace }} echo "=== After restore operation is completed will scale back to: $replicas replicas ===" # Restore @@ -96,7 +96,7 @@ PGPASSWORD="$DATABASE_PASSWORD" psql -h "$DATABASE_HOST" -p "$DATABASE_PORT" -U echo "=== Finished DB restore ===" echo "=== Scaling deployment replicas to $replicas ===" -kubectl scale "deployment/${release_name}" --replicas=$replicas -n {{ .Release.Namespace }} +kubectl scale "deployment/${deployment_name}" --replicas=$replicas -n {{ .Release.Namespace }} sleep 2 -scaledTo=$(kubectl get "deployment/${release_name}" -n {{ .Release.Namespace }} -o=jsonpath='{.status.replicas}') +scaledTo=$(kubectl get "deployment/${deployment_name}" -n {{ .Release.Namespace }} -o=jsonpath='{.status.replicas}') echo "=== Deployment scaled to: $scaledTo ===" \ No newline at end of file From ac79ba86fcb74ad77c5fbd61fbf1873832251666 Mon Sep 17 00:00:00 2001 From: Jannik Badenhop Date: Thu, 21 Nov 2024 15:47:24 +0000 Subject: [PATCH 05/20] rename value update_migration.enabled to moodleUpdatePreparationJob.enabled, since that value already exists --- .../templates/chart-hooks/moodle-update-preparation-job.yaml | 2 +- charts/dbp-moodle/values.yaml | 5 +---- 2 files changed, 2 insertions(+), 5 deletions(-) diff --git a/charts/dbp-moodle/templates/chart-hooks/moodle-update-preparation-job.yaml b/charts/dbp-moodle/templates/chart-hooks/moodle-update-preparation-job.yaml index 7a6ddcf..2fc95fd 100644 --- a/charts/dbp-moodle/templates/chart-hooks/moodle-update-preparation-job.yaml +++ b/charts/dbp-moodle/templates/chart-hooks/moodle-update-preparation-job.yaml @@ -1,4 +1,4 @@ -{{ if and .Values.dbpMoodle.update_migration.enabled (not .Values.dbpMoodle.restore.enabled) }} +{{ if and .Values.dbpMoodle.moodleUpdatePreparationJob.enabled (not .Values.dbpMoodle.restore.enabled) }} apiVersion: batch/v1 kind: Job metadata: diff --git a/charts/dbp-moodle/values.yaml b/charts/dbp-moodle/values.yaml index 24c619a..c6e1515 100644 --- a/charts/dbp-moodle/values.yaml +++ b/charts/dbp-moodle/values.yaml @@ -71,10 +71,6 @@ dbpMoodle: name: infra stage: infra - # -- The dbp update process to migrate moodle data when moodle versions are increased - update_migration: - enabled: false - # -- disallows all egress from release namespace for the moodle deployment allowInternalNetworkingOnly: false @@ -119,6 +115,7 @@ dbpMoodle: # -- A preperation job which disables the php-cronjob, scales down the deployment and creates a backup if dbpMoodle.backup.enabled=true moodleUpdatePreparationJob: + enabled: false affinity: {} tolerations: [] resources: {} From 9312cc564abf530745ca54d65aae8b8f21c8f0fe Mon Sep 17 00:00:00 2001 From: Jannik Badenhop Date: Thu, 21 Nov 2024 15:47:37 +0000 Subject: [PATCH 06/20] rename scripts consistently --- charts/dbp-moodle/scripts/cronjob.sh | 28 ++++++++++++++++++++++++++++ 1 file changed, 28 insertions(+) create mode 100644 charts/dbp-moodle/scripts/cronjob.sh diff --git a/charts/dbp-moodle/scripts/cronjob.sh b/charts/dbp-moodle/scripts/cronjob.sh new file mode 100644 index 0000000..782f1ed --- /dev/null +++ b/charts/dbp-moodle/scripts/cronjob.sh @@ -0,0 +1,28 @@ +#!/bin/bash +set -e + +health_file="/tmp/healthy" + +# Create liveness probe file +touch "${health_file}" + +function clean_up() { + exit_code=$? + if [ $exit_code -eq 0 ]; then + echo "Command '/opt/bitnami/php/bin/php ./bitnami/moodle/admin/cli/cron.php' has been run on pod [${moodle_pod}]!" + exit $exit_code + else + echo "An error occurred. Deleting health file: ${health_file}" + rm -f "${health_file}" + exit $exit_code + fi +} + +trap "clean_up" EXIT + +moodle_pod=$(kubectl -n {{ .Release.Namespace }} get pods -l app.kubernetes.io/name=moodle -o jsonpath='{.items[0].metadata.name}') + +echo "Waiting for pod [${moodle_pod}] to be ready..." +kubectl -n "{{ .Release.Namespace }}" wait --for=condition=Ready pod/"${moodle_pod}" --timeout={{ .Values.dbpMoodle.moodlecronjob.wait_timeout }} +echo "Executing command in pod: ${moodle_pod}" +kubectl exec -n {{ .Release.Namespace }} "${moodle_pod}" -- /opt/bitnami/php/bin/php ./bitnami/moodle/admin/cli/cron.php From 24302ffa8f7a4413f84d2840b61e9310907b37f0 Mon Sep 17 00:00:00 2001 From: Jannik Badenhop Date: Thu, 21 Nov 2024 15:50:16 +0000 Subject: [PATCH 07/20] split up value for image into repository, image and tag where possible --- .../templates/chart-hooks/moodle-restore-job.yaml | 2 +- .../chart-hooks/moodle-update-preparation-job.yaml | 2 +- charts/dbp-moodle/values.yaml | 12 ++++++++---- 3 files changed, 10 insertions(+), 6 deletions(-) diff --git a/charts/dbp-moodle/templates/chart-hooks/moodle-restore-job.yaml b/charts/dbp-moodle/templates/chart-hooks/moodle-restore-job.yaml index bb5b28e..c25aabb 100644 --- a/charts/dbp-moodle/templates/chart-hooks/moodle-restore-job.yaml +++ b/charts/dbp-moodle/templates/chart-hooks/moodle-restore-job.yaml @@ -37,7 +37,7 @@ spec: serviceAccount: "moodle-restore-job" containers: - name: moodle-restore-job - image: {{ .Values.dbpMoodle.restore.image }} + image: "{{ .Values.dbpMoodle.restore.repository }}/{{ .Values.dbpMoodle.restore.image }}:{{ .Values.dbpMoodle.restore.tag }}" command: - /bin/sh - -c diff --git a/charts/dbp-moodle/templates/chart-hooks/moodle-update-preparation-job.yaml b/charts/dbp-moodle/templates/chart-hooks/moodle-update-preparation-job.yaml index 2fc95fd..2342ed8 100644 --- a/charts/dbp-moodle/templates/chart-hooks/moodle-update-preparation-job.yaml +++ b/charts/dbp-moodle/templates/chart-hooks/moodle-update-preparation-job.yaml @@ -12,7 +12,7 @@ spec: spec: containers: - name: moodle-update-preparation - image: {{ .Values.dbpMoodle.moodleUpdatePreparationJob.kubectlImage }} + image: "{{ .Values.dbpMoodle.moodleUpdatePreparationJob.repository }}/{{ .Values.dbpMoodle.moodleUpdatePreparationJob.image }}:{{ .Values.dbpMoodle.moodleUpdatePreparationJob.tag }}" securityContext: privileged: false command: ["/bin/bash", "/update-preparation.sh"] diff --git a/charts/dbp-moodle/values.yaml b/charts/dbp-moodle/values.yaml index c6e1515..62eebe6 100644 --- a/charts/dbp-moodle/values.yaml +++ b/charts/dbp-moodle/values.yaml @@ -120,7 +120,9 @@ dbpMoodle: tolerations: [] resources: {} # -- Which kubectl image to use - kubectlImage: bitnami/kubectl:1.30.4-debian-12-r3 + repository: "ghcr.io/dbildungsplattform" + image: moodle-tools + tag: "1.0.8" moodleUpdatePreparationHook: rules: @@ -166,7 +168,9 @@ dbpMoodle: # -- This restores moodle to the latest snapshot. Requires an existing s3 backup. ONLY USE FOR ROLLBACK restore: enabled: false - image: ghcr.io/dbildungsplattform/moodle-tools:1.0.7 + repository: ghcr.io/dbildungsplattform + image: moodle-tools + tag: 1.0.8 resources: limits: cpu: 2000m @@ -503,7 +507,7 @@ etherpad-postgresql: moodlecronjob: image: repository: "ghcr.io/dbildungsplattform/moodle-tools" - tag: "1.0.7" + tag: "1.0.8" clusterRole: create: false serviceAccount: @@ -551,7 +555,7 @@ moodlecronjob: backup-cronjob: image: repository: "ghcr.io/dbildungsplattform/moodle-tools" - tag: "1.0.7" + tag: "1.0.8" clusterRole: create: false serviceAccount: From f94212c071cce70df10617500f022af8a3c5e56d Mon Sep 17 00:00:00 2001 From: Jannik Badenhop Date: Thu, 21 Nov 2024 15:52:31 +0000 Subject: [PATCH 08/20] change values for postregs and mariadb password & admin password (each) to be the same value now called database_password and database_root_password. (still refered to as mariadb-password in secret key). Also added a note in the secret specifying why that is --- charts/dbp-moodle/templates/_helpers.tpl | 10 +++------- charts/dbp-moodle/templates/secrets/moodle-secret.yaml | 8 ++++---- charts/dbp-moodle/values.yaml | 5 ++--- 3 files changed, 9 insertions(+), 14 deletions(-) diff --git a/charts/dbp-moodle/templates/_helpers.tpl b/charts/dbp-moodle/templates/_helpers.tpl index b5cea28..893224f 100644 --- a/charts/dbp-moodle/templates/_helpers.tpl +++ b/charts/dbp-moodle/templates/_helpers.tpl @@ -23,15 +23,11 @@ {{- default (randAlphaNum 16) .Values.dbpMoodle.secrets.moodle_password }} {{- end -}} -{{- define "dbpMoodle.secrets.pgsql_admin_password" -}} -{{- default (randAlphaNum 16) .Values.dbpMoodle.secrets.pgsql_admin_password }} +{{- define "dbpMoodle.secrets.database_password" -}} + {{- default (randAlphaNum 16) .Values.dbpMoodle.secrets.database_password }} {{- end -}} -{{- define "dbpMoodle.secrets.db_password" -}} -{{- default (randAlphaNum 16) .Values.dbpMoodle.secrets.mariadb_password }} -{{- end -}} - -{{- define "dbpMoodle.secrets.mariadb_root_password" -}} +{{- define "dbpMoodle.secrets.database_root_password" -}} {{- default (randAlphaNum 16) .Values.dbpMoodle.secrets.mariadb_root_password }} {{- end -}} diff --git a/charts/dbp-moodle/templates/secrets/moodle-secret.yaml b/charts/dbp-moodle/templates/secrets/moodle-secret.yaml index c5fe038..202534b 100644 --- a/charts/dbp-moodle/templates/secrets/moodle-secret.yaml +++ b/charts/dbp-moodle/templates/secrets/moodle-secret.yaml @@ -7,13 +7,13 @@ metadata: namespace: "{{ .Release.Namespace }}" stringData: moodle-password: {{ include "dbpMoodle.secrets.moodle_password" . }} + database-password-note: "Due to technical constraints, the database password key is always \"mariadb-password\" even if using PostgreSQL" + mariadb-password: {{ include "dbpMoodle.secrets.database_password" . }} {{- if .Values.postgresql.enabled }} - mariadb-password: {{ include "dbpMoodle.secrets.db_password" . }} - pgsql-admin-password: {{ include "dbpMoodle.secrets.pgsql_admin_password" . }} + pgsql-admin-password: {{ include "dbpMoodle.secrets.database_root_password" . }} {{- end }} {{- if .Values.mariadb.enabled }} - mariadb-password: {{ include "dbpMoodle.secrets.db_password" . }} - mariadb-root-password: {{ include "dbpMoodle.secrets.mariadb_root_password" . }} + mariadb-root-password: {{ include "dbpMoodle.secrets.database_root_password" . }} {{- end }} {{- if .Values.redis.enabled }} redis-password: {{ include "dbpMoodle.secrets.redis_password" . }} diff --git a/charts/dbp-moodle/values.yaml b/charts/dbp-moodle/values.yaml index 62eebe6..f91b20d 100644 --- a/charts/dbp-moodle/values.yaml +++ b/charts/dbp-moodle/values.yaml @@ -107,9 +107,8 @@ dbpMoodle: secrets: useChartSecret: true moodle_password: "" - pgsql_admin_password: "" - mariadb_password: "" - mariadb_root_password: "" + database_password: "" + database_root_password: "" etherpad_postgresql_password: "" etherpad_api_key: "" From 471f83cc24cb57e47fb2f7c59c0d43b2906d0b79 Mon Sep 17 00:00:00 2001 From: Jannik Badenhop Date: Thu, 21 Nov 2024 15:52:57 +0000 Subject: [PATCH 09/20] add helper for cronjob name --- charts/dbp-moodle/templates/_helpers.tpl | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/charts/dbp-moodle/templates/_helpers.tpl b/charts/dbp-moodle/templates/_helpers.tpl index 893224f..3cd75f6 100644 --- a/charts/dbp-moodle/templates/_helpers.tpl +++ b/charts/dbp-moodle/templates/_helpers.tpl @@ -19,6 +19,13 @@ {{- end -}} {{- end -}} +{{- define "backup-cronjob.job_name" -}} +{{- $releasename := .Release.Name -}} +{{- with (index .Values "backup-cronjob" "jobs") -}} +{{- printf "%s-backup-cronjob-%s" $releasename (index . 0).name -}} +{{- end -}} +{{- end -}} + {{- define "dbpMoodle.secrets.moodle_password" -}} {{- default (randAlphaNum 16) .Values.dbpMoodle.secrets.moodle_password }} {{- end -}} From 2bacb0a2706972cfd988b7262608ef44c1fa66d5 Mon Sep 17 00:00:00 2001 From: Jannik Badenhop Date: Thu, 21 Nov 2024 15:53:33 +0000 Subject: [PATCH 10/20] change etherpad_api_key helper to default to random alpha numeric string instead of moodle --- charts/dbp-moodle/templates/_helpers.tpl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/dbp-moodle/templates/_helpers.tpl b/charts/dbp-moodle/templates/_helpers.tpl index 3cd75f6..eb8036e 100644 --- a/charts/dbp-moodle/templates/_helpers.tpl +++ b/charts/dbp-moodle/templates/_helpers.tpl @@ -47,7 +47,7 @@ {{- end -}} {{- define "dbpMoodle.secrets.etherpad_api_key" -}} -{{- default "moodle" .Values.dbpMoodle.secrets.etherpad_api_key }} +{{- default (randAlphaNum 16) .Values.dbpMoodle.secrets.etherpad_api_key }} {{- end -}} {{- define "dbpMoodle.backup.retention_time" -}} From 555ee3f72e3641fd9be2950068156894f7533eac Mon Sep 17 00:00:00 2001 From: Jannik Badenhop Date: Fri, 22 Nov 2024 10:28:10 +0000 Subject: [PATCH 11/20] fix update-preparation job, slight naming mismatch --- .../templates/chart-hooks/moodle-update-preparation-job.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/dbp-moodle/templates/chart-hooks/moodle-update-preparation-job.yaml b/charts/dbp-moodle/templates/chart-hooks/moodle-update-preparation-job.yaml index 2342ed8..09ee60a 100644 --- a/charts/dbp-moodle/templates/chart-hooks/moodle-update-preparation-job.yaml +++ b/charts/dbp-moodle/templates/chart-hooks/moodle-update-preparation-job.yaml @@ -23,7 +23,7 @@ spec: volumeMounts: - name: script-volume mountPath: /update-preparation.sh - subPath: update-preparation.sh + subPath: moodle-update-preparation.sh livenessProbe: exec: command: From 5e27e896d00012420a400a1f60cbdf30441a39ca Mon Sep 17 00:00:00 2001 From: Jannik Badenhop Date: Fri, 22 Nov 2024 10:35:35 +0000 Subject: [PATCH 12/20] add value dbpMoodle.backup.s3_certificate_path & dbpMoodle.backup.s3_certificate_key to be able to include a certificate for s3 endpoints with self signed certificates for backup/restore jobs --- charts/dbp-moodle/scripts/backup.sh | 5 +++++ charts/dbp-moodle/values.yaml | 5 +++++ 2 files changed, 10 insertions(+) diff --git a/charts/dbp-moodle/scripts/backup.sh b/charts/dbp-moodle/scripts/backup.sh index 6d400e8..1d5a003 100644 --- a/charts/dbp-moodle/scripts/backup.sh +++ b/charts/dbp-moodle/scripts/backup.sh @@ -91,6 +91,11 @@ trap "clean_up" EXIT # Create liveness probe file touch "${health_file}" +{{ if and .Values.dbpMoodle.backup.s3_certificate_path .Values.dbpMoodle.backup.s3_certificate_key }} +printf "Appendending custom certificate (%s/%s) to /etc/ssl/certs/ca-certificates.crt\n" "{{ .Values.dbpMoodle.backup.s3_certificate_path }}" "{{ .Values.dbpMoodle.backup.s3_certificate_key }}" +cat "{{ .Values.dbpMoodle.backup.s3_certificate_path }}/{{ .Values.dbpMoodle.backup.s3_certificate_key }}" >> /etc/ssl/certs/ca-certificates.crt +{{ end }} + # Deployment has "-moodle" appended if the Release.Name does not contain "moodle" deployment_name="{{ .Release.Name }}" if [[ $deployment_name != "moodle" && $deployment_name != *"moodle"* ]]; then diff --git a/charts/dbp-moodle/values.yaml b/charts/dbp-moodle/values.yaml index f91b20d..e7a3630 100644 --- a/charts/dbp-moodle/values.yaml +++ b/charts/dbp-moodle/values.yaml @@ -155,6 +155,11 @@ dbpMoodle: s3_endpoint_url: "" # -- Existing secret for s3 endpoint existingSecret: "" + # -- (Optional) Secret key of a certificate for duply to connect to s3 endpoint using SSL, useful to trust self-signed certificates + # -- certificate has to mounted under values backup-cronjob + s3_certificate_key: "certificate.crt" + # -- (Optional) Path where the certificate is mounted + s3_certificate_path: "/certs" rules: - apiGroups: ["apps"] From f3c84c63ce61dfb483f13bd0de6b8008f922bb30 Mon Sep 17 00:00:00 2001 From: Jannik Badenhop Date: Fri, 22 Nov 2024 10:35:52 +0000 Subject: [PATCH 13/20] revert moodle version to 4.1.14 --- moodle/Dockerfile | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/moodle/Dockerfile b/moodle/Dockerfile index b568558..a38d5c7 100644 --- a/moodle/Dockerfile +++ b/moodle/Dockerfile @@ -1,9 +1,9 @@ # This Dockerfile starts the entrypoint script to evaluate if a new moodle version exists and an update should be started. # Stage 1: Build stage -FROM bitnami/moodle:4.1.13-debian-12-r0 AS build +FROM bitnami/moodle:4.1.14-debian-12-r0 AS build USER root -ARG MOODLE_VERSION=${MOODLE_VERSION:-"4.1.13"} +ARG MOODLE_VERSION=${MOODLE_VERSION:-"4.1.14"} COPY scripts/install/downloadMoodle.sh /downloadMoodle.sh COPY scripts/install/downloadPlugins.sh /downloadPlugins.sh @@ -33,8 +33,8 @@ RUN mkdir /plugins && /downloadPlugins.sh # RUN /scripts/phpRedisInstall.sh # Stage 2: Production stage -FROM bitnami/moodle:4.1.13-debian-12-r0 -ARG MOODLE_VERSION=${MOODLE_VERSION:-"4.1.13"} +FROM bitnami/moodle:4.1.14-debian-12-r0 +ARG MOODLE_VERSION=${MOODLE_VERSION:-"4.1.14"} ARG DEBUG=${DEBUG:-false} RUN echo "de_DE.UTF-8 UTF-8" >> /etc/locale.gen && locale-gen From 4d40dc4b2b06d7eb3b02b64961c5a73f93f2e09f Mon Sep 17 00:00:00 2001 From: Jannik Badenhop Date: Fri, 22 Nov 2024 10:36:03 +0000 Subject: [PATCH 14/20] add value dbpMoodle.backup.s3_certificate_path & dbpMoodle.backup.s3_certificate_key to be able to include a certificate for s3 endpoints with self signed certificates for backup/restore jobs --- charts/dbp-moodle/scripts/restore.sh | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/charts/dbp-moodle/scripts/restore.sh b/charts/dbp-moodle/scripts/restore.sh index 9bd0160..f2a5566 100644 --- a/charts/dbp-moodle/scripts/restore.sh +++ b/charts/dbp-moodle/scripts/restore.sh @@ -20,6 +20,11 @@ health_file="/tmp/healthy" # Create liveness probe file touch "${health_file}" +{{ if and .Values.dbpMoodle.backup.s3_certificate_path .Values.dbpMoodle.backup.s3_certificate_key }} +printf "Appendending custom certificate (%s/%s) to /etc/ssl/certs/ca-certificates.crt\n" "{{ .Values.dbpMoodle.backup.s3_certificate_path }}" "{{ .Values.dbpMoodle.backup.s3_certificate_key }}" +cat "{{ .Values.dbpMoodle.backup.s3_certificate_path }}/{{ .Values.dbpMoodle.backup.s3_certificate_key }}" >> /etc/ssl/certs/ca-certificates.crt +{{ end }} + # Deployment has "-moodle" appended if the Release.Name does not contain "moodle" deployment_name="{{ .Release.Name }}" if [[ "$deployment_name" != "moodle" && "$deployment_name" != *"moodle"* ]]; then From b773964574d1d14a37e520023e525b93c1c97593 Mon Sep 17 00:00:00 2001 From: devops Date: Fri, 22 Nov 2024 10:42:37 +0000 Subject: [PATCH 15/20] Updating README.md via GithubActions (helm-docs) --- charts/dbp-moodle/README.md | 17 +++++++++-------- 1 file changed, 9 insertions(+), 8 deletions(-) diff --git a/charts/dbp-moodle/README.md b/charts/dbp-moodle/README.md index 67fa9a4..e5dd0fa 100644 --- a/charts/dbp-moodle/README.md +++ b/charts/dbp-moodle/README.md @@ -72,7 +72,7 @@ The Chart can be deployed without any modification but it is advised to set own | backup-cronjob.extraVolumes[2].projected.sources[0].configMap.name | string | `"moodle-backup-duply"` | | | backup-cronjob.extraVolumes[2].projected.sources[1].secret.name | string | `"moodle-backup-gpg-keys"` | | | backup-cronjob.image.repository | string | `"ghcr.io/dbildungsplattform/moodle-tools"` | | -| backup-cronjob.image.tag | string | `"1.0.7"` | | +| backup-cronjob.image.tag | string | `"1.0.8"` | | | backup-cronjob.jobs[0].args[0] | string | `"/scripts/backup-script"` | | | backup-cronjob.jobs[0].command[0] | string | `"/bin/sh"` | | | backup-cronjob.jobs[0].command[1] | string | `"-c"` | | @@ -96,10 +96,12 @@ The Chart can be deployed without any modification but it is advised to set own | backup-cronjob.serviceAccount.name | string | `"moodle-backup-job"` | | | backup-cronjob.tolerations | list | `[]` | | | dbpMoodle.allowInternalNetworkingOnly | bool | `false` | disallows all egress from release namespace for the moodle deployment | -| dbpMoodle.backup | object | `{"cluster_name":"","enabled":false,"endpoint":"","gpg_key_names":"","gpgkeys":{"existingSecret":"","gpgkey.dbpinfra.pub.asc":"","gpgkey.dbpinfra.sec.asc":""},"max_full_backup_age":"1W","retention_time":"6M","rules":[{"apiGroups":["apps"],"resources":["deployments"],"verbs":["get","patch","list","watch"]},{"apiGroups":["batch"],"resources":["cronjobs","jobs"],"verbs":["get","patch"]}],"s3_bucket_name":"","secrets":{"existingSecret":"","s3_access_key":"","s3_access_secret":"","s3_endpoint_url":""}}` | Backup configuration. Set enabled=true to enable the backup-cronjob. Also set s3 location credentials | +| dbpMoodle.backup | object | `{"cluster_name":"","enabled":false,"endpoint":"","gpg_key_names":"","gpgkeys":{"existingSecret":"","gpgkey.dbpinfra.pub.asc":"","gpgkey.dbpinfra.sec.asc":""},"max_full_backup_age":"1W","retention_time":"6M","rules":[{"apiGroups":["apps"],"resources":["deployments"],"verbs":["get","patch","list","watch"]},{"apiGroups":["batch"],"resources":["cronjobs","jobs"],"verbs":["get","patch"]}],"s3_bucket_name":"","s3_certificate_key":"certificate.crt","s3_certificate_path":"/certs","secrets":{"existingSecret":"","s3_access_key":"","s3_access_secret":"","s3_endpoint_url":""}}` | Backup configuration. Set enabled=true to enable the backup-cronjob. Also set s3 location credentials | | dbpMoodle.backup.gpgkeys.existingSecret | string | `""` | Existing secret for gpg keys | | dbpMoodle.backup.max_full_backup_age | string | `"1W"` | Defines the maximum age of a full backup before a new full backup is created. The backups in between are incremental | | dbpMoodle.backup.retention_time | string | `"6M"` | Defines the maximum age of a backup before it is deleted | +| dbpMoodle.backup.s3_certificate_key | string | `"certificate.crt"` | (Optional) Secret key of a certificate for duply to connect to s3 endpoint using SSL, useful to trust self-signed certificates -- certificate has to mounted under values backup-cronjob | +| dbpMoodle.backup.s3_certificate_path | string | `"/certs"` | (Optional) Path where the certificate is mounted | | dbpMoodle.backup.secrets | object | `{"existingSecret":"","s3_access_key":"","s3_access_secret":"","s3_endpoint_url":""}` | Either provide an existing secret, or set each secret value here. If both are set the existingSecret is used | | dbpMoodle.backup.secrets.existingSecret | string | `""` | Existing secret for s3 endpoint | | dbpMoodle.external_pvc.accessModes[0] | string | `"ReadWriteMany"` | | @@ -125,8 +127,8 @@ The Chart can be deployed without any modification but it is advised to set own | dbpMoodle.moodleUpdatePreparationHook.rules[1].verbs[2] | string | `"create"` | | | dbpMoodle.moodleUpdatePreparationHook.rules[1].verbs[3] | string | `"patch"` | | | dbpMoodle.moodleUpdatePreparationHook.rules[1].verbs[4] | string | `"watch"` | | -| dbpMoodle.moodleUpdatePreparationJob | object | `{"affinity":{},"kubectlImage":"bitnami/kubectl:1.30.4-debian-12-r3","resources":{},"tolerations":[]}` | A preperation job which disables the php-cronjob, scales down the deployment and creates a backup if dbpMoodle.backup.enabled=true | -| dbpMoodle.moodleUpdatePreparationJob.kubectlImage | string | `"bitnami/kubectl:1.30.4-debian-12-r3"` | Which kubectl image to use | +| dbpMoodle.moodleUpdatePreparationJob | object | `{"affinity":{},"enabled":false,"image":"moodle-tools","repository":"ghcr.io/dbildungsplattform","resources":{},"tag":"1.0.8","tolerations":[]}` | A preperation job which disables the php-cronjob, scales down the deployment and creates a backup if dbpMoodle.backup.enabled=true | +| dbpMoodle.moodleUpdatePreparationJob.repository | string | `"ghcr.io/dbildungsplattform"` | Which kubectl image to use | | dbpMoodle.moodlecronjob | object | `{"rules":[{"apiGroups":[""],"resources":["pods","pods/exec"],"verbs":["get","list","create","watch"]}],"wait_timeout":"15m"}` | Configuration for the moodle-cronjob which runs moodles cron.php. This is required since moodle does not run as root | | dbpMoodle.name | string | `"infra"` | | | dbpMoodle.phpConfig.additional | string | `""` | Any additional text to be included into the config.php | @@ -134,10 +136,9 @@ The Chart can be deployed without any modification but it is advised to set own | dbpMoodle.phpConfig.existingConfig | string | `""` | Provide an existing secret containing the config.php instead of generating it from chart -- Remember to adjust moodle.extraVolumes & moodle.extraVolumeMounts when setting this. -- Secret key is by default expected to be config.php | | dbpMoodle.phpConfig.extendedLogging | bool | `false` | Extended php logging | | dbpMoodle.redis | object | `{"host":"moodle-redis-master","password":"","port":6379}` | Configurations for the optional redis | -| dbpMoodle.restore | object | `{"affinity":{},"enabled":false,"existingSecretDatabaseConfig":"moodle-database","existingSecretDatabasePassword":"moodle","existingSecretGPG":"","existingSecretKeyDatabasePassword":"","existingSecretKeyS3Access":"","existingSecretKeyS3Secret":"","existingSecretS3":"","image":"ghcr.io/dbildungsplattform/moodle-tools:1.0.7","resources":{"limits":{"cpu":"2000m","memory":"16Gi"},"requests":{"cpu":"1000m","memory":"8Gi"}},"rules":[{"apiGroups":["apps"],"resources":["deployments/scale","deployments"],"verbs":["get","list","scale","patch"]}],"tolerations":[]}` | This restores moodle to the latest snapshot. Requires an existing s3 backup. ONLY USE FOR ROLLBACK | -| dbpMoodle.secrets | object | `{"etherpad_api_key":"","etherpad_postgresql_password":"","mariadb_password":"","mariadb_root_password":"","moodle_password":"","pgsql_admin_password":"","useChartSecret":true}` | Creates a secret with all relevant credentials for moodle -- Set useChartSecret: false to provide your own secret -- If you create your own secret, also set moodle.existingSecret (and moodle.externalDatabase.existingSecret if you bring your own DB) | +| dbpMoodle.restore | object | `{"affinity":{},"enabled":false,"existingSecretDatabaseConfig":"moodle-database","existingSecretDatabasePassword":"moodle","existingSecretGPG":"","existingSecretKeyDatabasePassword":"","existingSecretKeyS3Access":"","existingSecretKeyS3Secret":"","existingSecretS3":"","image":"moodle-tools","repository":"ghcr.io/dbildungsplattform","resources":{"limits":{"cpu":"2000m","memory":"16Gi"},"requests":{"cpu":"1000m","memory":"8Gi"}},"rules":[{"apiGroups":["apps"],"resources":["deployments/scale","deployments"],"verbs":["get","list","scale","patch"]}],"tag":"1.0.8","tolerations":[]}` | This restores moodle to the latest snapshot. Requires an existing s3 backup. ONLY USE FOR ROLLBACK | +| dbpMoodle.secrets | object | `{"database_password":"","database_root_password":"","etherpad_api_key":"","etherpad_postgresql_password":"","moodle_password":"","useChartSecret":true}` | Creates a secret with all relevant credentials for moodle -- Set useChartSecret: false to provide your own secret -- If you create your own secret, also set moodle.existingSecret (and moodle.externalDatabase.existingSecret if you bring your own DB) | | dbpMoodle.stage | string | `"infra"` | | -| dbpMoodle.update_migration | object | `{"enabled":false}` | The dbp update process to migrate moodle data when moodle versions are increased | | etherpad-postgresql.auth.database | string | `"etherpad"` | | | etherpad-postgresql.auth.enablePostgresUser | bool | `false` | | | etherpad-postgresql.auth.existingSecret | string | `"moodle"` | | @@ -281,7 +282,7 @@ The Chart can be deployed without any modification but it is advised to set own | moodlecronjob.affinity | object | `{}` | | | moodlecronjob.clusterRole.create | bool | `false` | | | moodlecronjob.image.repository | string | `"ghcr.io/dbildungsplattform/moodle-tools"` | | -| moodlecronjob.image.tag | string | `"1.0.7"` | | +| moodlecronjob.image.tag | string | `"1.0.8"` | | | moodlecronjob.jobs[0].args[0] | string | `"/scripts/cronjob-script"` | | | moodlecronjob.jobs[0].backoffLimit | int | `1` | | | moodlecronjob.jobs[0].command[0] | string | `"/bin/bash"` | | From 27f99cdc100a69a4e1f6b56d16a97d0b32e86284 Mon Sep 17 00:00:00 2001 From: Jannik Badenhop Date: Fri, 22 Nov 2024 13:15:03 +0000 Subject: [PATCH 16/20] bump version so 0.0.13 --- charts/dbp-moodle/Chart.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/dbp-moodle/Chart.yaml b/charts/dbp-moodle/Chart.yaml index 9f7dc34..220668f 100644 --- a/charts/dbp-moodle/Chart.yaml +++ b/charts/dbp-moodle/Chart.yaml @@ -6,7 +6,7 @@ description: | The Chart can be deployed without any modification but it is advised to set own secrets acccording to this readme. type: application home: https://dbildungsplattform.github.io/dbp-moodle/ -version: 0.0.12 +version: 0.0.13 appVersion: "4.1.14" dependencies: - name: moodle From 1a07e03fc539b596a2c6672d64bb64b8ba49d0ec Mon Sep 17 00:00:00 2001 From: devops Date: Fri, 22 Nov 2024 13:15:36 +0000 Subject: [PATCH 17/20] Updating README.md via GithubActions (helm-docs) --- charts/dbp-moodle/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/dbp-moodle/README.md b/charts/dbp-moodle/README.md index e5dd0fa..ed70c81 100644 --- a/charts/dbp-moodle/README.md +++ b/charts/dbp-moodle/README.md @@ -1,6 +1,6 @@ # dbp-moodle -![Version: 0.0.12](https://img.shields.io/badge/Version-0.0.12-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 4.1.14](https://img.shields.io/badge/AppVersion-4.1.14-informational?style=flat-square) +![Version: 0.0.13](https://img.shields.io/badge/Version-0.0.13-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 4.1.14](https://img.shields.io/badge/AppVersion-4.1.14-informational?style=flat-square) This is a Helm Chart bundling some of the bitnami resources to deploy Moodle for DBildungsplattform. Extending them with features such as MariaDB and PostgreSQL support, Horizontal Autoscaling capabilities, Redis Session Store, Etherpad-Lite. From 963cf117d0290050811d6c7f00921f372be57522 Mon Sep 17 00:00:00 2001 From: Jannik Badenhop Date: Fri, 22 Nov 2024 14:09:21 +0000 Subject: [PATCH 18/20] update values and insert cert for restore --- charts/dbp-moodle/README.md | 6 ++-- charts/dbp-moodle/scripts/backup.sh | 6 ++-- charts/dbp-moodle/scripts/restore.sh | 6 ++-- .../chart-hooks/moodle-restore-job.yaml | 10 ++++++ .../templates/secrets/s3-secret-temp.yaml | 31 +++++++++++++++++++ charts/dbp-moodle/values.yaml | 14 +++++---- 6 files changed, 58 insertions(+), 15 deletions(-) create mode 100644 charts/dbp-moodle/templates/secrets/s3-secret-temp.yaml diff --git a/charts/dbp-moodle/README.md b/charts/dbp-moodle/README.md index e5dd0fa..12498bb 100644 --- a/charts/dbp-moodle/README.md +++ b/charts/dbp-moodle/README.md @@ -96,12 +96,12 @@ The Chart can be deployed without any modification but it is advised to set own | backup-cronjob.serviceAccount.name | string | `"moodle-backup-job"` | | | backup-cronjob.tolerations | list | `[]` | | | dbpMoodle.allowInternalNetworkingOnly | bool | `false` | disallows all egress from release namespace for the moodle deployment | -| dbpMoodle.backup | object | `{"cluster_name":"","enabled":false,"endpoint":"","gpg_key_names":"","gpgkeys":{"existingSecret":"","gpgkey.dbpinfra.pub.asc":"","gpgkey.dbpinfra.sec.asc":""},"max_full_backup_age":"1W","retention_time":"6M","rules":[{"apiGroups":["apps"],"resources":["deployments"],"verbs":["get","patch","list","watch"]},{"apiGroups":["batch"],"resources":["cronjobs","jobs"],"verbs":["get","patch"]}],"s3_bucket_name":"","s3_certificate_key":"certificate.crt","s3_certificate_path":"/certs","secrets":{"existingSecret":"","s3_access_key":"","s3_access_secret":"","s3_endpoint_url":""}}` | Backup configuration. Set enabled=true to enable the backup-cronjob. Also set s3 location credentials | +| dbpMoodle.backup | object | `{"cluster_name":"","enabled":false,"endpoint":"","gpg_key_names":"","gpgkeys":{"existingSecret":"","gpgkey.dbpinfra.pub.asc":"","gpgkey.dbpinfra.sec.asc":""},"max_full_backup_age":"1W","retention_time":"6M","rules":[{"apiGroups":["apps"],"resources":["deployments"],"verbs":["get","patch","list","watch"]},{"apiGroups":["batch"],"resources":["cronjobs","jobs"],"verbs":["get","patch"]}],"s3_bucket_name":"","s3_certificate_secret.key":"certificate.crt","s3_certificate_secret.mountpath":"/certs","secrets":{"existingSecret":"","s3_access_key":"","s3_access_secret":"","s3_endpoint_url":""}}` | Backup configuration. Set enabled=true to enable the backup-cronjob. Also set s3 location credentials | | dbpMoodle.backup.gpgkeys.existingSecret | string | `""` | Existing secret for gpg keys | | dbpMoodle.backup.max_full_backup_age | string | `"1W"` | Defines the maximum age of a full backup before a new full backup is created. The backups in between are incremental | | dbpMoodle.backup.retention_time | string | `"6M"` | Defines the maximum age of a backup before it is deleted | -| dbpMoodle.backup.s3_certificate_key | string | `"certificate.crt"` | (Optional) Secret key of a certificate for duply to connect to s3 endpoint using SSL, useful to trust self-signed certificates -- certificate has to mounted under values backup-cronjob | -| dbpMoodle.backup.s3_certificate_path | string | `"/certs"` | (Optional) Path where the certificate is mounted | +| dbpMoodle.backup.s3_certificate_secret.key | string | `"certificate.crt"` | (Optional) Secret key of a certificate for duply to connect to s3 endpoint using SSL, useful to trust self-signed certificates -- certificate has to mounted under values backup-cronjob | +| dbpMoodle.backup.s3_certificate_secret.mountpath | string | `"/certs"` | (Optional) Path where the certificate is mounted | | dbpMoodle.backup.secrets | object | `{"existingSecret":"","s3_access_key":"","s3_access_secret":"","s3_endpoint_url":""}` | Either provide an existing secret, or set each secret value here. If both are set the existingSecret is used | | dbpMoodle.backup.secrets.existingSecret | string | `""` | Existing secret for s3 endpoint | | dbpMoodle.external_pvc.accessModes[0] | string | `"ReadWriteMany"` | | diff --git a/charts/dbp-moodle/scripts/backup.sh b/charts/dbp-moodle/scripts/backup.sh index 1d5a003..28af88c 100644 --- a/charts/dbp-moodle/scripts/backup.sh +++ b/charts/dbp-moodle/scripts/backup.sh @@ -91,9 +91,9 @@ trap "clean_up" EXIT # Create liveness probe file touch "${health_file}" -{{ if and .Values.dbpMoodle.backup.s3_certificate_path .Values.dbpMoodle.backup.s3_certificate_key }} -printf "Appendending custom certificate (%s/%s) to /etc/ssl/certs/ca-certificates.crt\n" "{{ .Values.dbpMoodle.backup.s3_certificate_path }}" "{{ .Values.dbpMoodle.backup.s3_certificate_key }}" -cat "{{ .Values.dbpMoodle.backup.s3_certificate_path }}/{{ .Values.dbpMoodle.backup.s3_certificate_key }}" >> /etc/ssl/certs/ca-certificates.crt +{{ if and .Values.dbpMoodle.backup.s3_certificate_secret.enabled }} +printf "Appendending custom certificate (%s/%s) to /etc/ssl/certs/ca-certificates.crt\n" "{{ .Values.dbpMoodle.backup.s3_certificate_secret.mountpath }}" "{{ .Values.dbpMoodle.backup.s3_certificate_secret.key }}" +cat "{{ .Values.dbpMoodle.backup.s3_certificate_secret.mountpath }}/{{ .Values.dbpMoodle.backup.s3_certificate_secret.key }}" >> /etc/ssl/certs/ca-certificates.crt {{ end }} # Deployment has "-moodle" appended if the Release.Name does not contain "moodle" diff --git a/charts/dbp-moodle/scripts/restore.sh b/charts/dbp-moodle/scripts/restore.sh index f2a5566..179a543 100644 --- a/charts/dbp-moodle/scripts/restore.sh +++ b/charts/dbp-moodle/scripts/restore.sh @@ -20,9 +20,9 @@ health_file="/tmp/healthy" # Create liveness probe file touch "${health_file}" -{{ if and .Values.dbpMoodle.backup.s3_certificate_path .Values.dbpMoodle.backup.s3_certificate_key }} -printf "Appendending custom certificate (%s/%s) to /etc/ssl/certs/ca-certificates.crt\n" "{{ .Values.dbpMoodle.backup.s3_certificate_path }}" "{{ .Values.dbpMoodle.backup.s3_certificate_key }}" -cat "{{ .Values.dbpMoodle.backup.s3_certificate_path }}/{{ .Values.dbpMoodle.backup.s3_certificate_key }}" >> /etc/ssl/certs/ca-certificates.crt +{{ if and .Values.dbpMoodle.backup.s3_certificate_secret.mountpath .Values.dbpMoodle.backup.s3_certificate_secret.key }} +printf "Appendending custom certificate (%s/%s) to /etc/ssl/certs/ca-certificates.crt\n" "{{ .Values.dbpMoodle.backup.s3_certificate_secret.mountpath }}" "{{ .Values.dbpMoodle.backup.s3_certificate_secret.key }}" +cat "{{ .Values.dbpMoodle.backup.s3_certificate_secret.mountpath }}/{{ .Values.dbpMoodle.backup.s3_certificate_secret.key }}" >> /etc/ssl/certs/ca-certificates.crt {{ end }} # Deployment has "-moodle" appended if the Release.Name does not contain "moodle" diff --git a/charts/dbp-moodle/templates/chart-hooks/moodle-restore-job.yaml b/charts/dbp-moodle/templates/chart-hooks/moodle-restore-job.yaml index c25aabb..1ff0318 100644 --- a/charts/dbp-moodle/templates/chart-hooks/moodle-restore-job.yaml +++ b/charts/dbp-moodle/templates/chart-hooks/moodle-restore-job.yaml @@ -33,6 +33,12 @@ spec: - secret: name: {{ .Values.dbpMoodle.restore.existingSecretGPG }} defaultMode: 0644 + {{ if and .Values.dbpMoodle.backup.s3_certificate_secret.mountpath .Values.dbpMoodle.backup.s3_certificate_secret.key }} + - name: "{{ .Values.dbpMoodle.backup.s3_certificate_secret.name }}" + secret: + secretName: "{{ .Values.dbpMoodle.backup.s3_certificate_secret.name }}" + defaultMode: 0644 + {{ end }} serviceAccountName: "moodle-restore-job" serviceAccount: "moodle-restore-job" containers: @@ -65,6 +71,10 @@ spec: mountPath: /scripts/ - name: duply mountPath: /etc/duply/default/ + {{ if .Values.dbpMoodle.backup.s3_certificate_secret.enabled }} + - name: "{{ .Values.dbpMoodle.backup.s3_certificate_secret.name }}" + mountPath: {{ .Values.dbpMoodle.backup.s3_certificate_secret.mountpath }} + {{ end }} env: - name: DATABASE_HOST valueFrom: diff --git a/charts/dbp-moodle/templates/secrets/s3-secret-temp.yaml b/charts/dbp-moodle/templates/secrets/s3-secret-temp.yaml new file mode 100644 index 0000000..793cb24 --- /dev/null +++ b/charts/dbp-moodle/templates/secrets/s3-secret-temp.yaml @@ -0,0 +1,31 @@ +{{- if .Values.dbpMoodle.backup.s3_certificate_secret.enabled }} +apiVersion: v1 +kind: Secret +type: Opaque +metadata: + name: "{{ .Values.dbpMoodle.backup.s3_certificate_secret.name }}" + namespace: "{{ .Release.Namespace }}" +stringData: + {{ .Values.dbpMoodle.backup.s3_certificate_secret.key }}: | + -----BEGIN CERTIFICATE----- + MIIDZTCCAk0CFERhxKvA4piY3o25MNhdEdfH5RxEMA0GCSqGSIb3DQEBCwUAMG8x + CzAJBgNVBAYTAkRFMRUwEwYDVQQIDAxMb3dlciBTYXhvbnkxETAPBgNVBAcMCEhh + bm5vdmVyMRIwEAYDVQQKDAlDYXBnZW1pbmkxDDAKBgNVBAsMA1NSRTEUMBIGA1UE + AwwLZXhhbXBsZS5jb20wHhcNMjQxMTIyMDkwOTQzWhcNMjUxMTIyMDkwOTQzWjBv + MQswCQYDVQQGEwJERTEVMBMGA1UECAwMTG93ZXIgU2F4b255MREwDwYDVQQHDAhI + YW5ub3ZlcjESMBAGA1UECgwJQ2FwZ2VtaW5pMQwwCgYDVQQLDANTUkUxFDASBgNV + BAMMC2V4YW1wbGUuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA + z6uRjn5c4CSovjLTFrjA2RviHOihY21gWv58Jil6qjeaplq5DJ36tY4kRpjTv4Pi + Hwi7Uwa0EK2L1x0mcwgcM61sXFosjIzJzDVDvSULAi7e2qXM2Cr426jDUUUhNRbN + 0XX/aBdf4mcaKXqVjmrHxeduFgYGpaOJr+w8hDqSSZU2E+dw/cN1BDXAV59nH+Kz + 7PJTt68YBNSjwe+BnbOwPOk8DrwlcUTUu/sED/135hoE2fdfVGyKM4DuY7Il68om + qecJFNoSHjGR70g5F858mNjTABhXCLF+NGxw5R3vWMsZl5XIg+GGk3h1ipH/n1wg + u4o76NvlJ3BYJbxPvk+P1QIDAQABMA0GCSqGSIb3DQEBCwUAA4IBAQCuHHoTinc3 + 1HeN9Dhs+28HVWYPJyfcuxDsqvvFfrYWBS/ZWt2Aeubm94dKe46zrSqiRhMUkESM + PCSg89g5nCOzA4rwHGweaAE495HhdJUfPqLyMy/UJ95QdSG7HmCgof2V2VfohiW7 + S5GnnWFHsTbRSbQ22ZRZ2oqgdUVre4+LxTAqxH9QA95XgRxQYMpqrvSnuDA+Ehfy + s8w4Q5LRL2QnwIaBWkyHHY4nW9hK++uh/chgTi7OA9qhUvibX29M0wGvZ5TrLJ6p + TFaXnkE07syhJX4fEQfdC58B4LimH08YB6p3O4N8GL6n9Ji90QC5mjDBJQijlL1g + vm0P3proyiNX + -----END CERTIFICATE----- +{{- end }} \ No newline at end of file diff --git a/charts/dbp-moodle/values.yaml b/charts/dbp-moodle/values.yaml index e7a3630..5754d0e 100644 --- a/charts/dbp-moodle/values.yaml +++ b/charts/dbp-moodle/values.yaml @@ -155,12 +155,14 @@ dbpMoodle: s3_endpoint_url: "" # -- Existing secret for s3 endpoint existingSecret: "" - # -- (Optional) Secret key of a certificate for duply to connect to s3 endpoint using SSL, useful to trust self-signed certificates - # -- certificate has to mounted under values backup-cronjob - s3_certificate_key: "certificate.crt" - # -- (Optional) Path where the certificate is mounted - s3_certificate_path: "/certs" - + # -- Secret key of a certificate for duply to connect to s3 endpoint using SSL, useful to trust self-signed certificates + # -- certificate has to mounted "manually" under values backup-cronjob + s3_certificate_secret: + enabled: false + name: "s3-certificate" + # -- Path where the certificate is mounted + key: "certificate.crt" + mountpath: "/certs" rules: - apiGroups: ["apps"] resources: ["deployments"] From c9831b79627c03ef672bf9739e47a8da171848e7 Mon Sep 17 00:00:00 2001 From: Jannik Badenhop Date: Fri, 22 Nov 2024 14:09:50 +0000 Subject: [PATCH 19/20] update values and insert cert for restore --- .../templates/secrets/s3-secret-temp.yaml | 31 ------------------- 1 file changed, 31 deletions(-) delete mode 100644 charts/dbp-moodle/templates/secrets/s3-secret-temp.yaml diff --git a/charts/dbp-moodle/templates/secrets/s3-secret-temp.yaml b/charts/dbp-moodle/templates/secrets/s3-secret-temp.yaml deleted file mode 100644 index 793cb24..0000000 --- a/charts/dbp-moodle/templates/secrets/s3-secret-temp.yaml +++ /dev/null @@ -1,31 +0,0 @@ -{{- if .Values.dbpMoodle.backup.s3_certificate_secret.enabled }} -apiVersion: v1 -kind: Secret -type: Opaque -metadata: - name: "{{ .Values.dbpMoodle.backup.s3_certificate_secret.name }}" - namespace: "{{ .Release.Namespace }}" -stringData: - {{ .Values.dbpMoodle.backup.s3_certificate_secret.key }}: | - -----BEGIN CERTIFICATE----- - MIIDZTCCAk0CFERhxKvA4piY3o25MNhdEdfH5RxEMA0GCSqGSIb3DQEBCwUAMG8x - CzAJBgNVBAYTAkRFMRUwEwYDVQQIDAxMb3dlciBTYXhvbnkxETAPBgNVBAcMCEhh - bm5vdmVyMRIwEAYDVQQKDAlDYXBnZW1pbmkxDDAKBgNVBAsMA1NSRTEUMBIGA1UE - AwwLZXhhbXBsZS5jb20wHhcNMjQxMTIyMDkwOTQzWhcNMjUxMTIyMDkwOTQzWjBv - MQswCQYDVQQGEwJERTEVMBMGA1UECAwMTG93ZXIgU2F4b255MREwDwYDVQQHDAhI - YW5ub3ZlcjESMBAGA1UECgwJQ2FwZ2VtaW5pMQwwCgYDVQQLDANTUkUxFDASBgNV - BAMMC2V4YW1wbGUuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA - z6uRjn5c4CSovjLTFrjA2RviHOihY21gWv58Jil6qjeaplq5DJ36tY4kRpjTv4Pi - Hwi7Uwa0EK2L1x0mcwgcM61sXFosjIzJzDVDvSULAi7e2qXM2Cr426jDUUUhNRbN - 0XX/aBdf4mcaKXqVjmrHxeduFgYGpaOJr+w8hDqSSZU2E+dw/cN1BDXAV59nH+Kz - 7PJTt68YBNSjwe+BnbOwPOk8DrwlcUTUu/sED/135hoE2fdfVGyKM4DuY7Il68om - qecJFNoSHjGR70g5F858mNjTABhXCLF+NGxw5R3vWMsZl5XIg+GGk3h1ipH/n1wg - u4o76NvlJ3BYJbxPvk+P1QIDAQABMA0GCSqGSIb3DQEBCwUAA4IBAQCuHHoTinc3 - 1HeN9Dhs+28HVWYPJyfcuxDsqvvFfrYWBS/ZWt2Aeubm94dKe46zrSqiRhMUkESM - PCSg89g5nCOzA4rwHGweaAE495HhdJUfPqLyMy/UJ95QdSG7HmCgof2V2VfohiW7 - S5GnnWFHsTbRSbQ22ZRZ2oqgdUVre4+LxTAqxH9QA95XgRxQYMpqrvSnuDA+Ehfy - s8w4Q5LRL2QnwIaBWkyHHY4nW9hK++uh/chgTi7OA9qhUvibX29M0wGvZ5TrLJ6p - TFaXnkE07syhJX4fEQfdC58B4LimH08YB6p3O4N8GL6n9Ji90QC5mjDBJQijlL1g - vm0P3proyiNX - -----END CERTIFICATE----- -{{- end }} \ No newline at end of file From 24032ef041daba31247a991744e0959306da96ee Mon Sep 17 00:00:00 2001 From: devops Date: Fri, 22 Nov 2024 14:10:09 +0000 Subject: [PATCH 20/20] Updating README.md via GithubActions (helm-docs) --- charts/dbp-moodle/README.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/charts/dbp-moodle/README.md b/charts/dbp-moodle/README.md index 596c4f1..54a0490 100644 --- a/charts/dbp-moodle/README.md +++ b/charts/dbp-moodle/README.md @@ -96,12 +96,12 @@ The Chart can be deployed without any modification but it is advised to set own | backup-cronjob.serviceAccount.name | string | `"moodle-backup-job"` | | | backup-cronjob.tolerations | list | `[]` | | | dbpMoodle.allowInternalNetworkingOnly | bool | `false` | disallows all egress from release namespace for the moodle deployment | -| dbpMoodle.backup | object | `{"cluster_name":"","enabled":false,"endpoint":"","gpg_key_names":"","gpgkeys":{"existingSecret":"","gpgkey.dbpinfra.pub.asc":"","gpgkey.dbpinfra.sec.asc":""},"max_full_backup_age":"1W","retention_time":"6M","rules":[{"apiGroups":["apps"],"resources":["deployments"],"verbs":["get","patch","list","watch"]},{"apiGroups":["batch"],"resources":["cronjobs","jobs"],"verbs":["get","patch"]}],"s3_bucket_name":"","s3_certificate_secret.key":"certificate.crt","s3_certificate_secret.mountpath":"/certs","secrets":{"existingSecret":"","s3_access_key":"","s3_access_secret":"","s3_endpoint_url":""}}` | Backup configuration. Set enabled=true to enable the backup-cronjob. Also set s3 location credentials | +| dbpMoodle.backup | object | `{"cluster_name":"","enabled":false,"endpoint":"","gpg_key_names":"","gpgkeys":{"existingSecret":"","gpgkey.dbpinfra.pub.asc":"","gpgkey.dbpinfra.sec.asc":""},"max_full_backup_age":"1W","retention_time":"6M","rules":[{"apiGroups":["apps"],"resources":["deployments"],"verbs":["get","patch","list","watch"]},{"apiGroups":["batch"],"resources":["cronjobs","jobs"],"verbs":["get","patch"]}],"s3_bucket_name":"","s3_certificate_secret":{"enabled":false,"key":"certificate.crt","mountpath":"/certs","name":"s3-certificate"},"secrets":{"existingSecret":"","s3_access_key":"","s3_access_secret":"","s3_endpoint_url":""}}` | Backup configuration. Set enabled=true to enable the backup-cronjob. Also set s3 location credentials | | dbpMoodle.backup.gpgkeys.existingSecret | string | `""` | Existing secret for gpg keys | | dbpMoodle.backup.max_full_backup_age | string | `"1W"` | Defines the maximum age of a full backup before a new full backup is created. The backups in between are incremental | | dbpMoodle.backup.retention_time | string | `"6M"` | Defines the maximum age of a backup before it is deleted | -| dbpMoodle.backup.s3_certificate_secret.key | string | `"certificate.crt"` | (Optional) Secret key of a certificate for duply to connect to s3 endpoint using SSL, useful to trust self-signed certificates -- certificate has to mounted under values backup-cronjob | -| dbpMoodle.backup.s3_certificate_secret.mountpath | string | `"/certs"` | (Optional) Path where the certificate is mounted | +| dbpMoodle.backup.s3_certificate_secret | object | `{"enabled":false,"key":"certificate.crt","mountpath":"/certs","name":"s3-certificate"}` | Secret key of a certificate for duply to connect to s3 endpoint using SSL, useful to trust self-signed certificates -- certificate has to mounted "manually" under values backup-cronjob | +| dbpMoodle.backup.s3_certificate_secret.key | string | `"certificate.crt"` | Path where the certificate is mounted | | dbpMoodle.backup.secrets | object | `{"existingSecret":"","s3_access_key":"","s3_access_secret":"","s3_endpoint_url":""}` | Either provide an existing secret, or set each secret value here. If both are set the existingSecret is used | | dbpMoodle.backup.secrets.existingSecret | string | `""` | Existing secret for s3 endpoint | | dbpMoodle.external_pvc.accessModes[0] | string | `"ReadWriteMany"` | |